Hey folks, over the last couple months someone has been sending emails as our founder and engineer “Limor Fried.” The scammer appears to be emailing electronic companies after finding a contact email from the electronic company webpages and then asking the company to call/email them. The email address is not an @adafruit.com address of course, they are using email addresses like Limor_Fried@protonmail.com. Some of the emails sent were from other email providers and our team was able to get the accounts disabled, however, that is just “wack-a-mole” as they say. The recent ones have a Whatsapp phone #. We called and messaged the # and then were blocked it seems. We contacted Whatsapp, and alerted our legal folks. We also emailed protonmail (the most recent one) and they said “We will investigate and disable this account if we confirm that it’s being used to impersonate someone for purposes of fraud. Best regards, The ProtonMail Security Team”
So! Here’s a screenshot of the email that is being used each time. The electronic companies are all smart and knew right away it was not the real Limor, enough were sent out though that we wanted to post about it here to refer to.
The previous one(s) looks like this…
To be clear, that is not Limor. Limor does not even have a phone (or send emails like that). The Adafruit team uses only the following means for official Adafruit business: @adafruit.com and we do not use Whatsapp for phone calls.
In the past (and present, and future..) harassers, scammers, and stalkers have made fake Adafruit sites, sent emails as fake-Limor, fake-pt, fakes to our CFO, etc… pretty much everything that happens when you have a company or are a person online it seems. Shields up, stay frosty, and please email firstname.lastname@example.org when in doubt, we’ll check it out.
“We will take appropriate action against the account. If you notice any other similar accounts in the future, please let us know.
ProtonMail Abuse Team”
Another wave of fake Limors today. We contacted the hosting provider(s) and more as usual.
Headers are here.
User-Agent: Roundcube Webmail/1.3.3
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – emerald7.doveserver.com
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – adafruit.com
X-Get-Message-Sender-Via: emerald7.doveserver.com: authenticated_id: email@example.com
X-Authenticated-Sender: emerald7.doveserver.com: firstname.lastname@example.org
Begin forwarded message:
From: Limor Fried
Date: 11 October 2018 at 14:57:02 CEST
Update: 1/22/2019, another…
Update: 1/23/2019 another (tried to use adafruiit.com this time, adafruit with two ii …)
Update: 1/29/2019, another… (we were alerted of two, both coming from email@example.com, firstname.lastname@example.org)
Update: 3/11/2019, they are still at it… they are now using: 18.104.22.168 IP, smtp.hughes.net, from: email@example.com (we’ll see if there is a way to report this).
Update: 3/12/19, Microsoft banned the account.
Update: 4/24/19 we were alerted by a couple resellers they are at it again.
Update: 4/25/19 It appears the scammer was attempting to trick people they are emailing from firstname.lastname@example.org to filling out this form at “cognitoforms.com”, we were able to get the form taken down.
Update: 7/3/19 Looks like the fake-limor is at it again, this time they’re using a hotmail account (email@example.com), and a possibly hacked server/email account: firstname.lastname@example.org
Update: 8/19/19 Looks like another fake limor, this time using gmail. We reported email@example.com to google and google gmail abuse, we’ll see what happens.
Update: 1/14/2020, fake Limor scam attempt is back, we reported firstname.lastname@example.org to google and google gmail abuse, as well as: email@example.com we’ll see what happens.
Update: 1/15/2020, when the potential victims reply, this is the text the scammer is sending, screenshot above and text below.
From: Adafruit Industries firstname.lastname@example.org
Date: Wed, Jan 15, 2020 at 3:48 AM
Subject: Re: Hello (New Project)
Thank you for your prompt response. Adafruit Industries is acquiring a bio science machine from China and we need a representative that can handle it from outside USA. We solicit your assistance due to US-China Trade Dispute, the increase percent tariffs imposed on import from China/Hong Kong and the newly unfavorable monetary policy of the US Government which makes money transfer take longer process. It will be easier and quicker if Adafruit Industries can get a Rep to handle it from outside USA and since you are one of our distributors we thought it wise to contact you to be part of this new project.
Kindly let me know if you can handle it so I can send you details.
150 Varick Street
NY 10013, USA
Update: 5/20/2020 – They’re back, guess they took off some time during the pandemic, but are scamming again.
From: Limor Fried
Date: Wed, 20 May 2020 at 22:06
Do you have a moment to correspond with me via email?
I have an obligation that I would like you to complete ASAP.
Please contact me on my personal email(email@example.com) for directive.
150 Varick St, New York,
NY 10013 U.S.A
© Adafruit Industries. All rights reserved.
CONFIDENTIALITY NOTICE: The information in this electronic mail is intended only for the named recipient. It is confidential and may be privileged.
We reported it to Microsoft today.
From: Limor Fried firstname.lastname@example.org
Date: Mon, 28 Sep 2020 03:07:07 -0930
I’m planning to surprise some of the staff with Gifts, Your confidentiality
will be appreciated however, I need you to get a purchase done, Email me
once you get this .
Chief Executive Officer & Founder
sent from my mobile device
9-28-2020 This fake-Limor sent this to some of our team.
We reported it to google https://support.google.com/mail/contact/abuse?hl=en
De : Limor Fried
Date: ven. 28 mai 2021 à 16:15
Subject: Re: Unable to reach you
Hi , I called your office earlier, it’s not connecting. If you receive this message kindly reply, It’s important.
Limor “LadyAda” Fried
Founder, Chief Engineer & CEO
New York City (SoHo, Manhattan)
May 28, 2021 – they are back, this was sent to one of our resellers and they let us know.
May 30, 2021 – They’re back now telling people to email LimorFried@hotmail.com , we will try to report it to hotmail.
June 7, 2021 – back and now trying from “Limor Fried” @ email@example.com . We have reported it to the domain / provider.
October 14, 2021 – they are back, sending email from firstname.lastname@example.org from a server kensami.com. We have reported it to the domain / provider.